<?php

/************************************************************************/
/* Bộ Module Tiện ích cho NukeViet                                      */
/* Date: 18-05-2006                                                     */
/* Cung cấp bởi: nguoiquangnam.de ; Sửa đổi bởi: http://mangvn.org      */
/* Tới http://xaydungcauduong.net để cập nhật bản mới nhất          	*/
/* http://mangxd.com - http://mangxd.net -http://phanmem.good.to        */
/************************************************************************/

// Refuse direct requests: this file is only meant to run after the front
// controller has defined NV_SYSTEM or NV_ADMIN.
if (!defined('NV_SYSTEM') && !defined('NV_ADMIN')) {
    exit("You can't access this file directly...<br>Rat tiec, ban khong the truy cap truc tiep file nay!<br><hr><center>Copyright 2006 by <a href='mailto:laser.hp@gmail.com'>laser.hp@gmail.com</a> - <a href='http://xaydungcauduong.net'>xaydungcauduong.net</a><br><a href='http://mangxd.com'>www.mangxd.com</a> | <a href='http://mangxd.net'>www.mangxd.net</a> | <a href='http://mangvn.org'>www.mangvn.org</a><br><br><a href='javascript:history.back(1)'><b>[Quay lai]</b></a></center>");
}

// Load the core, then this module's news configuration and language strings.
require_once 'mainfile.php';
// The module name is the name of the directory this file lives in.
$module_name = basename(dirname(__FILE__));
require_once 'includes/db/config_News.php';
get_lang($module_name);
$index = 1;

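/**
 * Render the empty news submission form.
 *
 * Prints the page header, an intro box and a multipart POST form (sender name,
 * source, subject, category, language, story text, extended text, optional
 * picture, post type) that posts back to this module, followed by the footer.
 * When IS_USER is not defined and $anonpost is 0, only the _EROR9 notice with a
 * registration link is shown and the request ends.
 */
function defaultDisplay() {
    global $max_size, $width, $height, $AllowableHTML, $prefix, $anonpost, $user, $cookie, $anonymous, $currentlang, $multilingual, $db, $module_name, $source;

    include ('header.php');
    OpenTable();
    if (!defined('IS_USER') AND $anonpost == 0) {
        echo "<br><br><center>"._EROR9."<br><br><a href=\"modules.php?name=Your_Account&op=new_user\">"._NEWUSER."</a></center><br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }
    echo "<center><font class=\"title\"><b>"._SUBMITNEWS."</b></font><br><br>";
    echo "<font class=\"content\">"._SUBMITADVICE."</font></center><br>";
    CloseTable();
    echo "<br>";
    OpenTable();

    echo "<p><form enctype=\"multipart/form-data\" action=\"modules.php?name=$module_name\" method=\"post\">"
        ."<b>"._YOURNAME.":</b><br>";
    if (!defined('IS_USER')) {
        // NOTE(review): this branch runs when IS_USER is NOT defined, yet it reads the
        // user cookie; the condition looks inverted - confirm. type="hide" is also not
        // a valid input type (browsers fall back to a text box). Both are left as they
        // were because changing them alters who can edit the sender name.
        cookiedecode($user);
        // $cookie is presumably filled by cookiedecode() from the visitor's cookie, so
        // it is encoded before being placed in markup and in an attribute value.
        $cookie_name = htmlspecialchars(isset($cookie[1]) ? $cookie[1] : "", ENT_QUOTES);
        echo "<a href=\"modules.php?name=Your_Account\" target=\"_blank\"><b>$cookie_name</b></a>";
        echo "<input type=\"hide\" name=\"sender_name\" value=\"$cookie_name\">";
    } else {
        echo"<input type=\"text\" name=\"sender_name\" size=\"40\" maxlength=\"40\">";
    }
    echo"<br><b>"._SOURCE."</b> ("._SOURCER.")<br>";
    echo " <input type=\"text\" name=\"source\" size=\"40\" maxlength=\"40\">";
    echo "<br><br>"
        ."<b>"._SUBTITLE."<font color=\"red\">(*)</font>:</b><br>"._BADTITLES."<br>"
        ."<input type=\"text\" name=\"subject\" size=\"70\">"
        ."<br><br>";

    // Category selector; falls back to a hidden cat=0 when no category exists.
    $sql = "SELECT catid, title FROM ".$prefix."_stories_cat ORDER BY title";
    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result) > 0) {
        echo "<b>"._CAT.":</b> <select name=\"cat\">";
        echo "<option value=\"\">"._SELECTCAT."</option>\n";
        while ($row = $db->sql_fetchrow($result)) {
            // Quoted keys: bare catid/title were read as undefined constants.
            $cat_id = $row['catid'];
            // NOTE(review): titles are printed as stored; presumably admin-maintained - confirm.
            $cat_title = $row['title'];
            echo "<option value=\"$cat_id\">$cat_title</option>\n";
        }
        echo "</select><br><br>";
    } else {
        echo "<input type=\"hidden\" name=\"cat\" value=\"0\">";
    }

    if ($multilingual == 1) {
        echo "<b>"._LANGUAGE.": </b>"
            ."<select name=\"alanguage\">";
        // Collect the names of the language/lang-*.php files.
        $languageslist = array();
        $handle = opendir('language');
        if ($handle) {
            while (($file = readdir($handle)) !== false) {
                if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
                    $languageslist[] = $matches[1];
                }
            }
            closedir($handle);
        }
        sort($languageslist);
        foreach ($languageslist as $lang_name) {
            if ($lang_name != "") {
                $lang_html = htmlspecialchars($lang_name, ENT_QUOTES);
                echo "<option value=\"$lang_html\" ";
                if ($lang_name == $currentlang) echo "selected";
                echo ">".ucfirst($lang_html)."</option>\n";
            }
        }
        echo "</select>";
    } else {
        // $language was never imported into this function, so the field was always
        // empty. Use the global of that name when one is set, else keep the empty value.
        $site_language = isset($GLOBALS['language']) ? htmlspecialchars($GLOBALS['language'], ENT_QUOTES) : "";
        echo "<input type=\"hidden\" name=\"alanguage\" value=\"$site_language\">";
    }
    echo "<br><br>"
        ."<b>"._STORYTEXT."<font color=\"red\">(*)</font>:</b><br>"
        ."<textarea cols=\"70\" rows=\"12\" name=\"story\"></textarea><br>"
        ."<br><br><b>"._EXTENDEDTEXT.":</b><br>"
        ."<textarea cols=\"70\" rows=\"12\" name=\"storyext\"></textarea><br>";
    echo "<font color=\"red\">(*)</font>: "._BB."<br><br>"
        ."<b>"._STPIC.":</b> "
        ."<input name=\"userfile\" type=\"file\"><br><br>"
        .""._ALIMAGES.":<br>"._MAXSIZE." $max_size b, "._MAXSIZE2." $width px x $height px, "._ALFORMAT." .gif, .jpg, .jpeg, .png, bmp.<br><br>"
        .""._ALLOWEDHTML."<br>";

    // foreach instead of each(): each() no longer exists in PHP 8 and it also
    // depended on the array's internal pointer.
    if (is_array($AllowableHTML)) {
        foreach (array_keys($AllowableHTML) as $key) echo " &lt;".$key."&gt;";
    }
    echo "<br><br><input type=\"submit\" name=\"op\" value=\""._PREVIEW."\">&nbsp;&nbsp;"
        ."<select name=\"posttype\">\n"
        ."<option value=\"exttrans\">"._EXTRANS."</option>\n"
        ."<option value=\"html\" >"._HTMLFORMATED."</option>\n"
        ."<option value=\"plaintext\" selected>"._PLAINTEXT."</option>\n"
        ."</select>"
        ."<br></form>";
    CloseTable();
    include ('footer.php');
}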

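/**
 * Show a preview of a submitted story and re-display the form pre-filled.
 *
 * Validates that subject and story are present, handles deletion of a
 * previously uploaded picture and an optional new picture upload into
 * $temp_path, renders the story the way the chosen $posttype formats it, and
 * prints the edit form again with "preview" and "ok" buttons. Every failure
 * path prints an error box plus footer and ends the request.
 *
 * All arguments come from the submitted form and are treated as untrusted.
 *
 * @param string $sender_name Sender name from the form (not echoed here).
 * @param string $subject     Story title.
 * @param mixed  $cat         Selected category id.
 * @param string $story       Story text.
 * @param string $storyext    Extended text.
 * @param string $images      File name of a picture uploaded in an earlier step.
 * @param string $delpic      "yes" to delete that picture.
 * @param string $alanguage   Selected language name.
 * @param string $posttype    "exttrans", "html", or anything else for plain text.
 */
function PreviewStory($sender_name, $subject, $cat, $story, $storyext, $images, $delpic, $alanguage, $posttype) {
    global $im_position, $max_size, $width, $height, $temp_path, $user, $cookie, $bgcolor1, $bgcolor2, $anonymous, $prefix, $multilingual, $AllowableHTML, $db, $module_name, $source;
    include ('header.php');
    OpenTable();
    if ($subject == "") {
        echo "<br><br><center>"._EROR7."<br><br>"._GOBACK."</center><br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }
    if ($story == "") {
        echo "<br><br><center>"._EROR8."<br><br>"._GOBACK."</center><br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }

    // $images comes back from a hidden form field, so it is client-controlled.
    // Reduce it to a bare file name with an image extension and without quote,
    // angle-bracket, backslash or control characters before it reaches unlink()
    // or the markup below; anything else is treated as "no picture".
    $images = basename(str_replace("\\", "/", (string) $images));
    if ($images != "" && !preg_match('/^[^\'"<>\\\\\x00-\x1f]+\.(gif|jpe?g|png|bmp)$/iD', $images)) {
        $images = "";
    }
    if ($delpic == "yes") {
        // NOTE(review): the name is now confined to $temp_path, but nothing ties it
        // to the visitor who uploaded the file; consider binding it to the session.
        if ($images != "" && is_file("$temp_path/$images")) {
            unlink("$temp_path/$images");
        }
        $images = "";
    }

    if (isset($_FILES['userfile']) && is_uploaded_file($_FILES['userfile']['tmp_name'])) {

        if ($_FILES['userfile']['size']>$max_size) {
            echo "<br><br><center>"._EROR1." ".$_FILES['userfile']['size']." "._EROR2."<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }

        // The MIME type and the file name are both supplied by the client. The type
        // check is kept as a first filter, but the stored name is rebuilt from a
        // whitelisted extension and a stem restricted to [A-Za-z0-9_-], so a script
        // extension or a path component can never end up inside $temp_path.
        $upload_type = $_FILES['userfile']['type'];
        $type_ok = ($upload_type=="image/gif") || ($upload_type=="image/pjpeg") || ($upload_type=="image/jpeg") || ($upload_type=="image/png") || ($upload_type=="image/bmp");
        $realname = basename(str_replace("\\", "/", $_FILES['userfile']['name']));
        $dot = strrpos($realname, ".");
        $ext = ($dot === false) ? "" : strtolower(substr($realname, $dot + 1));
        $stem = ($dot === false) ? $realname : substr($realname, 0, $dot);
        $stem = substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $stem), 0, 100);
        $ext_ok = in_array($ext, array("gif", "jpg", "jpeg", "png", "bmp"), true);

        // Inspect the temporary file before it is copied anywhere: content that
        // getimagesize() cannot parse is rejected like a wrong file type.
        $size2 = ($type_ok && $ext_ok) ? getimagesize($_FILES['userfile']['tmp_name']) : false;
        if (!$size2) {
            echo "<br><br><center>"._EROR6."<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }
        // NOTE(review): only rejects when BOTH dimensions exceed the limits; confirm
        // whether OR was intended.
        if (($size2[0] > $width) AND ($size2[1] > $height)) {
            echo "<br><br><center>"._EROR3." $size2[0]px "._EROR4." $size2[1]px, "._EROR5." $width x $height .<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }

        $picname = time()."_".$stem.".".$ext;
        $res = move_uploaded_file($_FILES['userfile']['tmp_name'], "$temp_path/$picname");
        if (!$res) {
            echo "<br><br>upload failed!<br>\n";
            CloseTable();
            include ('footer.php');
            exit;
        }
        $images = $picname;
    }

    if ($images != "") {
        $pic_url = htmlspecialchars("$temp_path/$images", ENT_QUOTES);
        $story_pic = "<a href=\"$pic_url\" target=\"_blank\"><img border=\"0\" src=\"$pic_url\" style=\"float: $im_position\" width=\"140\" align=\"left\"></a>";
    } else {
        $story_pic = "";
    }
    $subject = stripslashes($subject);
    $story = stripslashes($story);
    $storyext = stripslashes($storyext);

    // Build the preview the way submitStory() prepares the text for storage, so
    // the preview never echoes raw request markup back to the browser.
    // NOTE(review): filter_text() is defined outside this file; it is assumed to
    // return the filtered text as it does in submitStory() - confirm.
    if ($posttype=="exttrans") {
        $f_story = nl2br(htmlspecialchars($story));
        $f_storyext = nl2br(htmlspecialchars($storyext));
    } elseif ($posttype=="plaintext") {
        $f_story = nl2br(filter_text($story));
        $f_storyext = nl2br(filter_text($storyext));
    } else {
        $f_story = filter_text($story);
        $f_storyext = filter_text($storyext);
    }

    // Encoded copies for text nodes, attribute values and textarea contents.
    $subject_html = htmlspecialchars($subject, ENT_QUOTES);
    $source_html = htmlspecialchars((string) $source, ENT_QUOTES);
    $story_html = htmlspecialchars($story, ENT_QUOTES);
    $storyext_html = htmlspecialchars($storyext, ENT_QUOTES);
    $images_html = htmlspecialchars($images, ENT_QUOTES);

    echo "<center><font class=\"title\"><b>"._NEWSUBPREVIEW."</b></font>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center><i>"._STORYLOOK."</i><hr><b>"._STORYLOOK2."</b></center><br><br>";
    echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"100%\">
    <tr><td><font class=storytitle>$subject_html</font></td></tr>
    <tr><td>$story_pic $f_story<br><br>$f_storyext</td></tr>
    </table>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<center>"._NEXT2."</center><br><p><form enctype=\"multipart/form-data\" action=\"modules.php?name=$module_name\" method=\"post\">"
        ."<b>"._YOURNAME.":</b><br>";
    if (!defined('IS_USER')) {
        // NOTE(review): runs when IS_USER is NOT defined yet reads the user cookie;
        // the condition looks inverted and type="hide" is not a valid input type -
        // both left unchanged, confirm the intended behaviour.
        cookiedecode($user);
        $cookie_name = htmlspecialchars(isset($cookie[1]) ? $cookie[1] : "", ENT_QUOTES);
        echo "<a href=\"modules.php?name=Your_Account\" target=\"_blank\"><b>$cookie_name</b></a>";
        echo "<input type=\"hide\" name=\"sender_name\" value=\"$cookie_name\">";
    } else {
        echo"<input type=\"text\" name=\"sender_name\" size=\"40\" maxlength=\"40\">";
    }
    echo "<br><b>"._SOURCE.":</b><br>";
    echo "<input type=\"text\" name=\"source\" size=\"40\" value=\"$source_html\">";
    echo "<br><br><b>"._SUBTITLE.":</b><br>"
        ."<input type=\"text\" name=\"subject\" size=\"70\" value=\"$subject_html\"><br><br>";

    // Category selector with the submitted category pre-selected.
    $sql = "SELECT catid, title FROM ".$prefix."_stories_cat ORDER BY title";
    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result) > 0) {
        echo "<b>"._CAT.":</b> <select name=\"cat\">";
        echo "<option value=\"\">"._SELECTCAT."</option>\n";
        while ($row = $db->sql_fetchrow($result)) {
            // Quoted keys: bare catid/title were read as undefined constants.
            $cat_id = $row['catid'];
            $cat_title = $row['title'];
            if ($cat_id == $cat) {
                $sel = "selected";
            } else {
                $sel = "";
            }
            echo "<option value=\"$cat_id\" $sel>$cat_title</option>\n";
        }
        echo "</select><br><br>";
    } else {
        echo "<input type=\"hidden\" name=\"cat\" value=\"0\">";
    }

    if ($multilingual == 1) {
        echo "<b>"._LANGUAGE.": </b>"
            ."<select name=\"alanguage\">";
        // Collect the names of the language/lang-*.php files.
        $languageslist = array();
        $handle = opendir('language');
        if ($handle) {
            while (($file = readdir($handle)) !== false) {
                if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
                    $languageslist[] = $matches[1];
                }
            }
            closedir($handle);
        }
        sort($languageslist);
        foreach ($languageslist as $lang_name) {
            if ($lang_name != "") {
                $lang_html = htmlspecialchars($lang_name, ENT_QUOTES);
                echo "<option value=\"$lang_html\" ";
                if ($lang_name == $alanguage) echo "selected";
                echo ">".ucfirst($lang_html)."</option>\n";
            }
        }
        echo "</select>";
    }
    echo "<br><br><b>"._STORYTEXT.":</b> ("._HTMLISFINE.")<br>"
        ."<textarea cols=\"70\" rows=\"12\" name=\"story\">$story_html</textarea><br>"
        ."<br><b>"._EXTENDEDTEXT.":</b><br>"
        ."<textarea cols=\"70\" rows=\"12\" name=\"storyext\">$storyext_html</textarea><br><br>";
    if ($images != "") {
        echo "<b>"._DELSTPIC.":</b> ";
        echo "<input type=\"checkbox\" name=\"delpic\" value=\"yes\"><br><br>";
        echo "<input type=\"hidden\" name=\"images\" value=\"$images_html\">";
    } else {
        echo "<b>"._STPIC.":</b> "
            ."<input name=\"userfile\" type=\"file\"><br><br>";
        echo ""._ALIMAGES.":<br>"._MAXSIZE." $max_size b, "._MAXSIZE2." $width px x $height px, "._ALFORMAT." .gif, .jpg, .jpeg, .png, bmp.<br><br>";
    }
    echo ""._ALLOWEDHTML."<br>";
    // foreach instead of each(), which no longer exists in PHP 8.
    if (is_array($AllowableHTML)) {
        foreach (array_keys($AllowableHTML) as $key) echo " &lt;".$key."&gt;";
    }
    echo "<br><br>"
        ."<input type=\"submit\" name=\"op\" value=\""._PREVIEW."\">&nbsp;&nbsp;"
        ."<input type=\"submit\" name=\"op\" value=\""._OK."\">&nbsp;&nbsp;"
        ."<select name=\"posttype\"><option value=\"exttrans\"";
    if ($posttype=="exttrans") {
        echo " selected";
    }
    echo ">"._EXTRANS."</option>\n"
        ."<OPTION value=\"html\"";
    if ($posttype=="html") {
        echo " selected";
    }
    echo ">"._HTMLFORMATED."</option>\n"
        ."<OPTION value=\"plaintext\"";
    if (($posttype!="exttrans") && ($posttype!="html")) {
        echo " selected";
    }
    echo ">"._PLAINTEXT."</option></select>"
        ."</form>";
    CloseTable();
    include ('footer.php');
}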

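/**
 * Store a submitted story in the {$prefix}_stories_temp queue.
 *
 * Validates that subject and story are present, handles deletion of a
 * previously uploaded picture and an optional new picture upload into
 * $temp_path, filters the text fields according to $posttype, inserts the row,
 * optionally mails the administrator when $notify is 1, and prints the
 * confirmation page. Every failure path prints an error box plus footer and
 * ends the request.
 *
 * All arguments come from the submitted form and are treated as untrusted.
 *
 * @param string $sender_name Sender name from the form.
 * @param string $subject     Story title.
 * @param mixed  $cat         Selected category id.
 * @param string $story       Story text.
 * @param string $storyext    Extended text.
 * @param string $images      File name of a picture uploaded in an earlier step.
 * @param string $delpic      "yes" to delete that picture.
 * @param string $alanguage   Selected language name.
 * @param string $posttype    "exttrans", "plaintext", or anything else for HTML.
 * @param string $source      Source of the story.
 */
function submitStory($sender_name, $subject, $cat, $story, $storyext, $images, $delpic, $alanguage, $posttype, $source) {
    global $max_size, $width, $height, $temp_path, $EditedMessage, $notify, $adminmail, $sitename, $prefix, $db, $module_name;

    include ('header.php');
    OpenTable();
    if ($subject == "") {
        echo "<br><br><center>"._EROR7."<br><br>"._GOBACK."</center><br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }
    if ($story == "") {
        echo "<br><br><center>"._EROR8."<br><br>"._GOBACK."</center><br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }

    // $images comes back from a hidden form field, so it is client-controlled.
    // Reduce it to a bare file name with an image extension and without quote,
    // angle-bracket, backslash or control characters before it reaches unlink()
    // or the INSERT below; anything else is treated as "no picture".
    $images = basename(str_replace("\\", "/", (string) $images));
    if ($images != "" && !preg_match('/^[^\'"<>\\\\\x00-\x1f]+\.(gif|jpe?g|png|bmp)$/iD', $images)) {
        $images = "";
    }
    if ($delpic == "yes") {
        // NOTE(review): the name is now confined to $temp_path, but nothing ties it
        // to the visitor who uploaded the file; consider binding it to the session.
        if ($images != "" && is_file("$temp_path/$images")) {
            unlink("$temp_path/$images");
        }
        $images = "";
    }

    if (isset($_FILES['userfile']) && is_uploaded_file($_FILES['userfile']['tmp_name'])) {

        if ($_FILES['userfile']['size']>$max_size) {
            echo "<br><br><center>"._EROR1." ".$_FILES['userfile']['size']." "._EROR2."<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }

        // The MIME type and the file name are both supplied by the client. The type
        // check is kept as a first filter, but the stored name is rebuilt from a
        // whitelisted extension and a stem restricted to [A-Za-z0-9_-], so a script
        // extension or a path component can never end up inside $temp_path.
        $upload_type = $_FILES['userfile']['type'];
        $type_ok = ($upload_type=="image/gif") || ($upload_type=="image/pjpeg") || ($upload_type=="image/jpeg") || ($upload_type=="image/png") || ($upload_type=="image/bmp");
        $realname = basename(str_replace("\\", "/", $_FILES['userfile']['name']));
        $dot = strrpos($realname, ".");
        $ext = ($dot === false) ? "" : strtolower(substr($realname, $dot + 1));
        $stem = ($dot === false) ? $realname : substr($realname, 0, $dot);
        $stem = substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $stem), 0, 100);
        $ext_ok = in_array($ext, array("gif", "jpg", "jpeg", "png", "bmp"), true);

        // Inspect the temporary file before it is copied anywhere: content that
        // getimagesize() cannot parse is rejected like a wrong file type.
        $size2 = ($type_ok && $ext_ok) ? getimagesize($_FILES['userfile']['tmp_name']) : false;
        if (!$size2) {
            echo "<br><br><center>"._EROR6."<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }
        // NOTE(review): only rejects when BOTH dimensions exceed the limits; confirm
        // whether OR was intended.
        if (($size2[0] > $width) AND ($size2[1] > $height)) {
            echo "<br><br><center>"._EROR3." $size2[0]px "._EROR4." $size2[1]px, "._EROR5." $width x $height .<br><br>"._GOBACK."</center><br><br>";
            CloseTable();
            include ('footer.php');
            exit;
        }

        $picname = time()."_".$stem.".".$ext;
        $res = move_uploaded_file($_FILES['userfile']['tmp_name'], "$temp_path/$picname");
        if (!$res) {
            echo "<br><br>upload failed!<br>\n";
            CloseTable();
            include ('footer.php');
            exit;
        }
        $images = $picname;
    }

    // str_replace() instead of ereg_replace(), which was removed in PHP 7; the
    // pattern was a literal double quote, so the result is the same.
    $subject = str_replace("\"", "''", $subject);
    $subject = FixQuotes(filter_text($subject, "nohtml"));
    $sender_ip        = getenv('REMOTE_ADDR');

    // Fields that used to reach the query exactly as submitted:
    // - the category id is forced to an integer,
    // - the language is limited to the characters a lang-*.php name would use,
    // - the sender name gets the same filter as the subject; backslashes are
    //   dropped first so one cannot sit in front of the closing quote.
    $cat = intval($cat);
    $alanguage = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $alanguage);
    $sender_name = FixQuotes(filter_text(str_replace("\\", "", (string) $sender_name), "nohtml"));

    // $imgtext and $notes are not parameters of this function; they were undefined
    // here and are made explicitly empty before the original processing.
    $imgtext = "";
    $notes = "";
    $imgtext = nl2br(stripslashes(FixQuotes($imgtext)));
    $notes = nl2br(stripslashes(FixQuotes($notes)));
    $source = nl2br(stripslashes(FixQuotes($source)));
    if($posttype=="exttrans") {
        $story = FixQuotes(nl2br(htmlspecialchars($story)));
        $storyext = FixQuotes(nl2br(htmlspecialchars($storyext)));
    } elseif($posttype=="plaintext") {
        $story = FixQuotes(nl2br(filter_text($story)));
        $storyext = FixQuotes(nl2br(filter_text($storyext)));
    } else {
        $story = FixQuotes(filter_text($story));
        $storyext = FixQuotes(filter_text($storyext));
    }

    // NOTE(review): the statement is still assembled by string interpolation and the
    // text fields rely on FixQuotes()/filter_text(), which are defined outside this
    // file. Moving this INSERT to the database layer's own escaping or to bound
    // parameters would remove that dependency.
    $sql = "INSERT INTO ".$prefix."_stories_temp VALUES (NULL, '$cat', '$sender_name', '$subject', now(), '$story', '$storyext', '$images', '$alanguage', '$sender_ip', '$imgtext', '$source', '0', '$notes')";
    $result = $db->sql_query($sql);
    if(!$result) {
        echo "<br><br><center>"._EROR10."<br><br>";
        CloseTable();
        include ('footer.php');
        exit;
    }
    if($notify == 1) {
        // The mail subject and headers are built from constants and site settings
        // only; submitted text appears in the message body alone.
        $notify_message = ""._NOTMESAGE."\n\n\n========================================================\n$subject\n\n\n$story\n\n$storyext\n\n$sender_name";
        $to = $adminmail;
        $subject = ""._NEWARTICLE."";
        $mailheaders = "Content-Type: text/plain; charset="._CHARSET."\n";
        $mailheaders .= "From: $sitename <$adminmail>\n";
        mail($to, $subject, $notify_message, $mailheaders);
    }

    echo "<br><br><center><font class=\"title\">"._SUBSENT."</font><br><br>"
        ."<font class=\"content\"><b>"._THANKSSUB."</b><br><br>"
        .""._SUBTEXT."<br><br>"
        ."<a href=\"modules.php?name=$module_name\">"._NEXT."</a><br><br>";

    CloseTable();
    include ('footer.php');
}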

// Dispatch on the label of the submit button that was pressed: the preview
// button re-renders the form with a preview, the OK button stores the story,
// and any other value shows the empty form.
if ($op == ""._PREVIEW."") {
    PreviewStory($sender_name, $subject, $cat, $story, $storyext, $images, $delpic, $alanguage, $posttype, $source);
} elseif ($op == ""._OK."") {
    SubmitStory($sender_name, $subject, $cat, $story, $storyext, $images, $delpic, $alanguage, $posttype, $source);
} else {
    defaultDisplay();
}

?>